Thank you for responding! I'm actually getting a bunch of unlinked files in my output directory. Should the usgcb file be usgcb-rhel6-server-xccdf.xml?
Luke ________________________________________ From: scap-security-guide-bounces@lists.fedorahosted.org [scap-security-guide-bounces@lists.fedorahosted.org] on behalf of Shawn Wells [shawn@redhat.com] Sent: Thursday, September 26, 2013 8:29 PM To: scap-security-guide@lists.fedorahosted.org Subject: EXTERNAL: Re: scan question
On 9/26/13 1:16 PM, Kordell, Luke T wrote:
Hello,.
I recently downloaded the SCAP source code and noticed there were some additional profiles listed in the profiles folder. How can I run a scan against these profiles? For instance wen trying to run a scan against the usgcb-rhel6-server.xml (after successfully using oscap xccdf validate) I get an "unknown document type" error. I think this is because I'm using the stig profile and the ssg cpe dictionary. If so how can I add a usgcb profile and cpe dictionary to successfully scan against this profile?
Thank you for the help.
Good question!
There are a few profiles in the RHEL6/input/profiles/ directory which are still being completed, for example the FISMA, and a few which likely should be deleted (e.g. desktop).
To list out which profiles are compiled in: $ grep "<Profile" output/ssg-rhel6-xccdf.xml <Profile id="test"> <Profile id="CS2"> <Profile id="common"> <Profile id="desktop"> <Profile id="server"> <Profile id="ftp"> <Profile id="stig-rhel6-server">
Profile definitions from RHEL6/input/profiles/ are merged into the build process through the RHEL6/input/guide.xslt file: https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL6/input/g...
Since you're cloning the source (which is great!), I'll wager you're comfortable editing things. If you'd like to check out the (in progress) USGCB, add a line where you see the other apply-templates:
<xsl:apply-templates select="document('profiles/usgcb-rhel6-server.xml')" />
From there, re-run 'make content' in the RHEL6 directory and you'll see an updated XCCDF in the output/ directory